In this Group Policy section, you can perform many individual configurations, including policies that allow or deny a user or group to launch a file, perform an installation or execute a script. Besides, you can install exceptions and apply it in Active Directory. If you do not want to deny it completely, you can configure AppLocker to only check the continuous repetition of an installation file, a command or a standard executable.
AppLocker is a new feature that is not integrated on operating systems before Windows Server 2008 R2 or Windows 7. With those operating systems, you can apply Software Restriction Policies through a separate policy object group.